diff options
author | Stefan Metzmacher <metze@samba.org> | 2009-03-18 08:46:38 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-04-15 09:07:26 +0200 |
commit | b3756ee4a7e7e5533c55f1c57194fcab8773afb1 (patch) | |
tree | 8a46bef48bb2cbb3f54cb98b82860a137a174657 | |
parent | 9a0446c8a638ef5a9c2b48c7718d8311f7ccfb13 (diff) | |
download | samba-b3756ee4a7e7e5533c55f1c57194fcab8773afb1.tar.gz samba-b3756ee4a7e7e5533c55f1c57194fcab8773afb1.tar.xz samba-b3756ee4a7e7e5533c55f1c57194fcab8773afb1.zip |
s3:libsmb: always create bytes array in cli_trans code
Otherwise we return NO_MEMORY without a reason for fragmented trans
requests, as talloc_append_blob() returns buf if we append a 0 length
blob. When we pass buf = NULL we'll get back NULL and then assume
NO_MEMORY...
metze
(cherry picked from commit 88dd6af605dc5754b7e146a068272d37651da710)
(cherry picked from commit 5bbf96dd63227a19fe1f95ff8d8f2b3c75a5a497)
-rw-r--r-- | source3/libsmb/clitrans.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index f5794ea04e6..0266c0307e5 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -731,6 +731,7 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, uint16_t this_data = 0; uint32_t useable_space; uint8_t cmd; + uint8_t pad[3]; frame = talloc_stackframe(); @@ -743,9 +744,16 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, param_offset = smb_size - 4; + bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 0); /* padding */ + if (bytes == NULL) { + goto fail; + } + switch (cmd) { case SMBtrans: - bytes = TALLOC_ZERO_P(talloc_tos(), uint8_t); /* padding */ + pad[0] = 0; + bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes, + data_blob_const(pad, 1)); if (bytes == NULL) { goto fail; } @@ -759,13 +767,14 @@ static struct async_req *cli_ship_trans(TALLOC_CTX *mem_ctx, param_offset += talloc_get_size(bytes); break; case SMBtrans2: - bytes = TALLOC_ARRAY(talloc_tos(), uint8_t, 3); /* padding */ + pad[0] = 0; + pad[1] = 'D'; /* Copy this from "old" 3.0 behaviour */ + pad[2] = ' '; + bytes = (uint8_t *)talloc_append_blob(talloc_tos(), bytes, + data_blob_const(pad, 3)); if (bytes == NULL) { goto fail; } - bytes[0] = 0; - bytes[1] = 'D'; /* Copy this from "old" 3.0 behaviour */ - bytes[2] = ' '; wct = 14 + state->num_setup; param_offset += talloc_get_size(bytes); break; |